Establish operational risk and compliance management as a sustainable business process.(SELECTED TOPIC)

Basel II and the Sarbanes-Oxley Act represent a new challenge to financial institutions by virtue of their requirements for financial transparency and ensuing market discipline. While FDI-CIA covered much of the same territory in its requirement for a comprehensive system of operating controls, the supervision of these requirements fell mostly within the closed environment of banking regulators. Today, you operate in a very different, very open, and sometimes, hostile market environment: one that many view as event-prone and potentially very dangerous to the market capitalization of institutions that transgress prevailing compliance requirements. In this context, compliance is risk, and the discipline of risk management is required to protect market valuations and your company's ability to grow.

The Core Discipline of Operational Risk covers procedures, systems, monitoring and communication protocols that enable institutions to manage their exposure to errors due to failures in people, systems and processes and external events. In general, these procedures accomplish two very important objectives:

* First, and most importantly, enterprise-wide policies are aligned with the corporation's objectives and the risk tolerance of the governing board; and,

* Secondly, the responsibilities of all managers and staff are delineated and assigned to business units and processes to ensure that risks to the enterprise are identified and mitigation schema are put in place.

Since most regulatory requirements are not developed in a vacuum, a comprehensive system of operating control serves the dual purpose of insulating the enterprise from operational errors AND potential compliance violations. It is interesting to note that most financial institutions have suffered through the process of establishing a comprehensive compliance framework to meet Sarbanes-Oxley control attestation requirements, only to find that they were looking at operating controls that should have been in place, in any case, to protect value. This intersection of goals, the formal meeting of Basel II and Sarbanes-Oxley, has given rise to increased interest in operational risk. Some institutions have indeed asked, "having spent an enormous amount of time in documenting an extensive controls framework around risks that can have a material effect on our financial presentation, can we expand this effort to improve processes and secure a strategic advantage in the marketplace?" The answer is a resounding YES.

However, moving from a pure compliance-focused effort to an operating risk framework requires an adjustment in thinking. Compliance is generally thought of as a series of required actions to abide by the law--do this, don't do that, if this, then that, etc.--risk management, on the other hand, takes a different tack, asking, "if this happens, how will it affect the bottom line?" The conscientious assessment and measurement of this risk and subsequent losses over time assist institutions in building ...